www.helpnetsecurity.com
44.229.251.251
Public Scan
URL:
https://www.helpnetsecurity.com/2024/02/01/cvemap-query-browse-search-cve/
Submission: On February 02 via api from TR — Scanned from DE
Form analysis
1 forms found in the DOM (POST)
Text Content
Mirko Zorz, Director of Content, Help Net Security
February 1, 2024

CVEMap: Open-source tool to query, browse and search CVEs

CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases.

Although CVEs are crucial for pinpointing and discussing security weaknesses, their rapid growth and occasional overstatement of severity often result in misleading information. Security experts, who must be constantly alert to thwart adversaries seeking any vulnerability, are distracted by the sheer volume of CVEs. This can lead to misallocated resources and the neglect of genuinely critical vulnerabilities. This is where CVEMap comes in.

CVEMap leverages a variety of valuable sources for its operations:

* Known Exploited Vulnerabilities Catalog (KEV): Managed by CISA, this catalog lists actively exploited vulnerabilities and crucial deadlines, aiding in prioritizing urgent threats.
* Exploit Prediction Scoring System (EPSS): This model predicts the likelihood of a vulnerability being exploited, providing a probability score and incorporating real-world data, which goes beyond traditional focus on vulnerability characteristics.
* Proofs of Concept (POCs): This includes official PoCs, extensive references, and top-ranked PoCs from GitHub and other platforms, offering insights into exploitability.
* HackerOne CVE Discovery: Features CVE reports and rankings from bug bounty hunters on the HackerOne platform.
* Exposure on the internet: Offers data on active internet hosts for specific products, giving real-time insights into the global exposure of vulnerabilities.
* GitHub and OSS Data: Provides metrics and popularity information for open-source projects affected by CVEs.
* Nuclei Templates: A community-curated list of templates for the Nuclei engine to identify vulnerabilities, along with a reliable set of PoCs for easy testing and retesting of vulnerabilities at scale.

“The unique features that make CVEMap stand out are the visualization of multiple data points in a single view, the ability to filter CVEs based on any data point, and CVE to HackerOne reports mapping. In the future, we want to add more data points and use these different data points for CVE prioritization,” Sandeep Singh, CTO at ProjectDiscovery.io, told Help Net Security.

CVEMap is available for free on GitHub.

More open-source tools to consider:

* Faction: Open-source pentesting report generation and collaboration framework
* Adalanche: Open-source Active Directory ACL visualizer, explorer
* AuthLogParser: Open-source tool for analyzing Linux authentication logs
* DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts
* Subdominator: Open-source tool for detecting subdomain takeovers
* EMBA: Open-source security analyzer for embedded devices
* Nemesis: Open-source offensive data enrichment and analytic pipeline
* SessionProbe: Open-source multi-threaded pentesting tool
* Mosint: Open-source automated email OSINT tool
* Vigil: Open-source LLM security scanner
* AWS Kill Switch: Open-source incident response tool
* PolarDNS: Open-source DNS server tailored for security evaluations
* k0smotron: Open-source Kubernetes cluster management
* Kubescape 3.0 elevates open-source Kubernetes security
* Logging Made Easy: Free log management solution from CISA
* GOAD: Vulnerable Active Directory environment for practicing attack techniques
* Wazuh: Free and open-source XDR and SIEM
* Yeti: Open, distributed, threat intelligence repository
* BinDiff: Open-source comparison tool for binary files
* LLM Guard: Open-source toolkit for securing Large Language Models
* Velociraptor: Open-source digital forensics and incident response